Thursday, August 19, 2010

Network Security??

I have a home network that is connected to my office network. What steps can I take to check the security on my home network? How can I beef up the security I have now?

Trish, the information is probably incomplete, as you don't specify how your home network is connected to the office network.





In the case of a VPN connection you are trusting each remote location to become a part of your extended network. What you are trying to protect here is the communication between the two sites with encryption of the communication tunnel pipe. There are a couple of solutions to install a VPN:





- SSL Explorer allows you to have remote access to files and computers in a remote site opening only one port at the remote site network. You can use terminal services or VNC to reach any computer. You can also map drive contents and reach them in a webpage screen. The good part of SSL Explorer community edition is that it is clientless which does not require that people reaching your VPN have a pre-configured VPN client on their laptops.


http://www.3sp.com





- OpenVPN is a free SSL VPN that requires the software to be installed and configured at both ends. This option allows for a true VPN access to all computers inside the network. It is more complex to configure.


http://openvpn.org


http://openvpn.se <= Windows Version





To check the security of your home network (your computer configuration) you can run several tools against each computer to know what you have open, and if not needed, close it through a firewall that allows outbound blocking. Microsoft firewall does not block outbound traffic unless you have Vista, so get a firewall like ZoneAlarm, Comodo Firewall, or PC Tools Firewall.





The tools to check your open holes would be:


- Port Scanner: check open ports in computer


- Nessus Scanner: check misconfigurations


- http://www.cisecurity.org has benchmarks and configuration standards (baseline) to harden the security of computers.


- Make sure you have patches/fixes applied and up to date (windows updates)


- Scan your computer for spyware, malware, and viruses


a) AVG Anti-Spyware


b) Comodo BOClean - antimalware


c) AVG Anti-Virus, avast! antivirus, or Comodo AntiVirus.





Since you have gone so far, defrag your HD from time to time and maybe run a registry defrag to keep up with maintenance of your computer.





I usually find free software at http://download.com. There you can check for defrag utilities, firewalls, and antivirus.





Finally, if you don't have a router in front of your computer and Internet connection you might want to reconsider. When you have a router in front of your computer you isolate your computer from having a direct connection to the Internet. All attacks will be received by the router instead of the computer. The drawback is that you will have to administer the router to open/close ports to forward traffic to your computer. For example, if you want to have terminal services or a web server running on your home computer, you will need to open a port at the router and forward the traffic to your computer, which is ready to serve the service to people on the Internet:





Source    Destination    Port (TCP/UDP)
*         PC IP          80/3389





Hope this is not confusing. By the way, I like your picture!
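
Added example (not part of the original answer): one way to carry out the "know what you have open, and if not needed, close it" step on your own machine is to compare the sockets reported by `netstat -ano` against the ports you actually mean to serve. The netstat output below is a constructed sample, and the intended-port list (80/3389, taken from the forwarding example above) is an assumption to adjust for your own setup.

```python
# Constructed sample of Windows `netstat -ano` output (not from the original page).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       868
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1020
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2340
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1712
"""

# Ports the owner intends to serve (assumption); 80/3389 mirrors the forwarding example.
INTENDED = {("TCP", 80), ("TCP", 3389)}
LOOPBACK = ("127.", "[::1]")


def listeners(netstat_text):
    """Yield (proto, address, port, pid) for each listening TCP / bound UDP socket."""
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank or unrelated line
        proto, local = parts[0], parts[1]
        # TCP rows carry a state column; UDP rows have none and count as bound.
        if proto == "TCP" and parts[3] != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")  # rpartition also handles [::]:445
        yield proto, addr, int(port), int(parts[-1])


def audit(netstat_text, intended=INTENDED):
    """Return network-reachable listeners that are not on the intended list."""
    findings = []
    for proto, addr, port, pid in listeners(netstat_text):
        if addr.startswith(LOOPBACK):
            continue  # loopback-only services cannot be reached from other hosts
        if (proto, port) not in intended:
            findings.append((proto, addr, port, pid))
    return sorted(findings, key=lambda f: (f[0], f[2]))


if __name__ == "__main__":
    for proto, addr, port, pid in audit(SAMPLE_NETSTAT):
        print(f"unexpected {proto} listener on {addr}:{port} (PID {pid})")
```

Each finding is a candidate to disable or block at the host firewall; the PID column identifies the owning process in Task Manager.
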
Reply: Check your router and the firewall settings. Check your AV software is up to date. If you are really concerned, buy a separate firewall (hardware device)...
Reply: Firewalls - stop things getting in


Anti-Virus - kills the things that got in


Passwords - make them tricky (CAPS, lower case, numbers, symbols); change them often.
Reply: There are all kinds of software for it; look up network security in your search bar and choose the best one for you.
Reply: Install a software-level firewall (McAfee, Norton) to prevent unauthorized access. Install ZoneAlarm to detect abnormal behaviors in the network.
Reply: Trish,


The best answer I can give you is to talk to your office network administrator.





Or, if you don't have one, hire a consultant to properly architect your solution.





I suggest this because today security can be complex and difficult for a non-technical person to address properly.





The things you can do on your own primarily center on your own machine... ensuring it's free of viruses, spam, and other malware.





But, beyond that it's usually beyond the capabilities of a non-technical person to perform properly.





A shortlist of what goes into designing proper network security...





- Defense in depth (multiple layers)


- Proper password construction, management and enforcement


- Policies that enforce/remind or automatically implement how machines keep themselves updated and how Users interact with machines


- Standard implementation of both firewall appliances and host-based firewalls. Where security is critical, companies take this further and implement IDS and IPS.


- Proper design and use of communications between computers, especially if the connection is across an unsecured network like the Internet


- Proper configuration of alerts and monitoring the health of the network


- A thorough audit/evaluation of all the applications you use from a security perspective. Some applications have no business being used as business apps, ironically. Or, if you're forced to use such an app, you at least understand the risks and can try to use it the safest way possible minimizing risks.





Concepts like those have to be identified and addressed before you even start considering specific solutions which will depend on how your network is constructed like whether Domain vs Workgroup security is implemented, whether remote machines can be qualified before accessing the company network, etc.





Good Luck. A well qualified Security Consultant is hard to find and nowadays concerns are the same whether you're a big Fortune 500 company or a small business yet the resources each can use towards proper security are very different. And, remember also that your overall security is only as strong as your weakest link.

